Security Practices
JQL Compare Fields for Jira is designed as a Forge-only Jira Cloud app with a narrow scope focused on field comparison searches.
Jira Cloud and Atlassian Forge. No Jira Data Center, Connect or separate vendor-hosted product backend is used.
read:jira-work, read:jira-user, read:app-data:jira, write:app-data:jira and storage:app.
The app does not request issue write permissions.
Architecture
The app renders Forge UI pages and JQL functions inside Jira Cloud. It reads Jira metadata and issue data required for comparison, preview, scope building, diagnostics and precomputation.
Data access
The app reads issue, field, project, user and app data needed to resolve fields, validate scope, execute comparison functions and preview results. Jira permissions continue to control what a user can access.
Data storage
Forge KVS stores app settings, diagnostics, field metadata cache and precomputation metadata. Raw issue field values are not intended to be stored permanently.
External services
The Forge app does not use an external vendor backend or external analytics. This public marketing website may use Google measurement tools as described in the Privacy Policy.
Vulnerability reporting
Report security issues to support.jira@mederak.app. Include reproduction steps, impact and affected Jira site context. Do not include secrets, access tokens or private issue data.